EIP-2026-118276

PRE-CVE

Apple Safari 3 for Windows Beta - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118276. PoCs published by Thor Larholm.

AI-analyzed exploit summary This exploit leverages Safari's lack of input validation for URL protocol handlers to execute arbitrary commands via Firefox's Gopher protocol handler. It launches cmd.exe by injecting JavaScript into Firefox's -chrome argument.

Description

Apple Safari 3 for Windows Beta - Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thor Larholm · htmlremotewindows

https://www.exploit-db.com/exploits/4061

View Code ZIP pw:eip

This exploit leverages Safari's lack of input validation for URL protocol handlers to execute arbitrary commands via Firefox's Gopher protocol handler. It launches cmd.exe by injecting JavaScript into Firefox's -chrome argument.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Safari for Windows (unspecified version)

No auth needed

Prerequisites: Firefox installed · Gopher protocol handler enabled in Firefox

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026